
I actually emailed my credit union, pleading for them to increase their 10 character limit to something reasonable, and got a response saying that the way their database handles passwords made it impossible.

Needless to say, I found that to be even more disconcerting than the existence of the character limit.



My credit union enforces similar limits (and only 0-9 are valid characters), but I realized the validation was only enforced in JavaScript. I disabled the validation and I was able to use any password I wanted.


Did you try any SQL injection attacks?


Don't worry too much about it. It's vastly more likely that it's actually their change policies that make the increase impossible.


Yes, probably, but it's still scary that whichever technical person they asked thought this would be an OK answer to give someone who is reporting security concerns.


CHAR(8)


Worse yet, it seems to imply that they aren't hashing, which is simply preposterous for a financial institution.
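An added example, not code from the thread or from any credit union, of the two points made above: the length policy has to be checked on the server, because browser-side JavaScript can simply be disabled, and a salted hash produces a fixed-width record, so a fixed-width column like CHAR(8) is never a reason to cap password length. The policy numbers (12 to 128 characters, 600,000 PBKDF2 iterations) are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Assumed policy values for this example; only the 10-character cap and
# the CHAR(8) column come from the thread, everything else is constructed.
MIN_LEN = 12
MAX_LEN = 128          # bounds hashing work, not storage width
PBKDF2_ITERS = 600_000
SALT_BYTES = 16


def validate_password(password: str) -> list:
    """Server-side policy check; returns a list of violations (empty = ok).
    Runs on every request regardless of what client-side script enforced."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(password) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if password.isdigit():
        problems.append("digits only")
    return problems


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a record 'pbkdf2_sha256$iters$salt_hex$digest_hex'.
    Its width is constant whatever the password length, so the storage
    column never has to know how long the password was."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERS)
    return f"pbkdf2_sha256${PBKDF2_ITERS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def stored_width(password: str) -> int:
    """Width of the stored record, to show it does not track password length."""
    return len(hash_password(password))
```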


Many banks require you to use numbers only for your PIN; a smart engineer probably figured that cracking 10-char numerical "passwords" is trivial, so hashing would be a waste of resources, and hence energy and emissions. It is greener that way.



